query Windows 2003 account status

I have a txt file which lists about 300 entries of samids.  Is there a way I can display the status of the samid (Active or Disable) and the samid itself?

We have WIN2003 AD environment.

Many Thanks.
nav2567Asked:
Who is Participating?
 
SuperTacoConnect With a Mentor Commented:
this will give you a listing of al disbled user account in AD

On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
    "<LDAP://dc=fabrikam,dc=com>;(&(objectCategory=User)" & _
        "(userAccountControl:1.2.840.113556.1.4.803:=2));Name;Subtree"  
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
Loop


Just be sure to change the Domain  in the script
0
 
nav2567Author Commented:
Thanks.  

Can the above display a list of samids?

I am not good at VB.  Do you know how to put them together using dsquery & dsget?  I tried but not successful.
0
 
SuperTacoCommented:
try this;

dsquery user -disabled -limit 0 | dsget user -samid > c:\disabledusers.txt
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
SuperTacoCommented:
For active users only try

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"  > c:\domainusers.txt

copy and past this to a notepad first to take out the wraparound
0
 
Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
Use this simple syntax in a batch file on a DC or any workstation with Administrative Tools installed.

Sample batch file

@echo off

for /f %%i in (text-file-with-samids.txt) do dsquery user -samid %%i | dsget user -fn -ln -samid -disabled >>c:\users-status.txt

save it in the same location where txt file with users is and run from command-line that batch. You will get on C-Drive text file with results (First Name, Last Name, login and account status)

You can also use for that Quest PowerShell module for AD (if you're interested, let me know)

Regards,
Krzysztof
0
 
netjgrnautConnect With a Mentor Commented:
+1 Krzysztof - go with Quest PowerShell for AD

http://www.quest.com/powershell/activeroles-server.aspx

If you want all the AD users, along with the status, just run

Get-QADUser | select SamAccountName,DisplayName,AccountIsDisabled | ft -auto

Open in new window


If you want to use your text file, write a little PowerShell script like this:

$UserList = gc "C:\somewhere\userlist.txt"
ForEach ($User in $UserList) {
    Get-QADUser -SamAccountName $User | 
    select SamAccountName,DisplayName,AccountIsDisabled | ft -auto
}

Open in new window


The output will be an easy to read table.  If you need output to a CSV or TXT file, let me know!

Hope that helps!



0
 
nav2567Author Commented:
Thanks a lot everyone.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.